Archive 09/15/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures can be distinguished by form and level of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 161665 | 8.8 | 8.4 | FreeBSD ftpd privileges management | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-7468 |
| 161661 | 9.8 | 9.4 | FreeBSD bhyve SVM Guest privileges management | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-7467 |
| 161660 | 5.3 | 5.1 | FreeBSD bhyve privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-24718 |
| 161659 | 7.3 | 7.0 | FreeBSD ure Device Driver injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-7464 |
| 161642 | 3.3 | 3.0 | Huawei HiSilicon RTSP Stream information disclosure | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2020-24216 |
| 161641 | 7.3 | 6.6 | Huawei HiSilicon printf memory corruption | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2020-24214 |
| 161640 | 5.9 | 5.4 | Huawei HiSilicon box_ProcessRequest unrestricted upload | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2020-24217 |
| 161639 | 3.3 | 3.0 | Huawei HiSilicon box_ProcessRequest path traversal | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2020-24219 |
| 161638 | 9.8 | 8.9 | Huawei HiSilicon Telnet Service privileges management | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | CVE-2020-24218 |
| 161637 | 8.4 | 7.6 | Huawei HiSilicon backdoor | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2020-24215 |
| 161289 | 6.1 | 6.1 | TIBCO Spotfire Analyst Spotfire Client cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-9416 |
| 161288 | 4.4 | 4.2 | Lenovo System Interface Foundation Configuration File default permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8346 |
| 161287 | 6.0 | 5.8 | Lenovo System Update toctou | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8342 |
| 161286 | 5.3 | 5.3 | Lenovo System x IMM2 cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-8340 |
| 161285 | 3.9 | 3.9 | Lenovo IBM BladeCenter Advanced Management Module Web Interface insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-8339 |
| 161284 | 5.6 | 5.4 | McAfee Web Gateway Configuration File improper authorization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-7296 |
| 161283 | 4.5 | 4.4 | McAfee Web Gateway Access Control improper authorization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-7295 |
| 161282 | 5.1 | 4.9 | McAfee Web Gateway REST Interface improper authorization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-7294 |
| 161281 | 7.7 | 7.4 | McAfee Web Gateway Access Control Password improper authorization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-7293 |
| 161280 | 5.4 | 5.4 | IBM Spectrum Protect Plus path traversal | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2020-4711 |
| 161279 | 6.7 | 6.7 | IBM Spectrum Protect Plus Administrative Console unrestricted upload | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2020-4703 |
| 161278 | 4.7 | 4.7 | IBM Business Automation Workflow Web UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-4530 |
| 161277 | 4.3 | 4.3 | IBM Maximo Asset Management cross-site request forgery | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-4526 |
| 161276 | 8.8 | 8.8 | IBM Maximo Asset Management Java deserialization | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2020-4521 |
| 161275 | 3.3 | 3.3 | IBM Tivoli Business Service Manager insecure storage of sensitive information | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-4344 |
| 161274 | 6.5 | 6.5 | BlackCat CMS cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-25453 |
| 161273 | 4.4 | 4.4 | Nifty Project Management cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-25071 |
| 161272 | 6.4 | 6.4 | ElkarBackup DefaultController.php Source inadequate encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24925 |
| 161271 | 4.4 | 4.4 | ElkarBackup Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-24924 |
| 161270 | 8.2 | 8.2 | Trend Micro ServerProtect for Linux SPLX Console command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-24561 |
| 161269 | 8.5 | 8.5 | projectworlds House Rental index.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-23833 |
| 161268 | 8.5 | 8.5 | SourceCodester Online Course Registration Upload Filter my-profile.php unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-23828 |
| 161267 | 7.7 | 7.7 | VR CAM P1 Access Control improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-23512 |
| 161266 | 6.5 | 6.5 | Spiceworks users cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-23451 |
| 161265 | 6.4 | 6.1 | Gallagher Command Centre DCOM Websocket memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-16101 |
| 161264 | 6.4 | 6.1 | Gallagher Command Centre DCOM Websocket denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-16100 |
| 161263 | 4.3 | 4.1 | Gallagher Command Centre Guard Tour Event input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-16099 |
| 161262 | 7.5 | 7.2 | Gallagher Command Centre Credentials improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-16098 |
| 161261 | 6.3 | 6.0 | Gallagher Controller Key insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-16097 |
| 161260 | 7.4 | 7.1 | Gallagher Command Centre Credentials improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-16096 |
